HBGary E-mail Says DuPont Hit by China's Operation Aurora Attack

Stolen HBGary e-mail reveals DuPont was hit by the same Chinese hackers that hit Google, Morgan Stanley and Adobe as part of Operation Aurora.

Revelations from HBGary e-mail keep on rolling in. The latest e-mail identifies several more high-profile companies hit by attacks similar to Operation Aurora.

E-mail stolen from HBGary's mail servers by hacktivist group Anonymous earlier this year revealed that the same Chinese hackers who had attacked Google as part of Operation Aurora had also targeted chemical company DuPont in late 2009. Bloomberg News examined some of the e-mail stored on anonleaks.ch.

Google publicly disclosed in January 2010 that it had been under continued attack over a six-month period in 2009. It estimated about 200 companies were victims of Operation Aurora, although most have not identified themselves. The victims list includes Adobe, Intel, Juniper Networks, defense contractor Northrop Grumman and Dow Chemical. Last month, some HBGary e-mail messages came to light identifying investment bank Morgan Stanley as another Aurora victim.

A DuPont internal investigation discovered some of its computers had been implanted with spyware during a business trip to China, wrote HBGary's Rich Cummings in a Feb. 4 e-mail. The PCs had been stored in a hotel safe, Cummings said. DuPont felt the attacks were done by hackers who represented "people, organizations and countries that strive to do them harm," Bob Slapnik, an HBGary investigator, wrote in an e-mail.

DuPont was hit twice in the space of 12 months, the e-mail showed. DuPont learned of the second attack from the Federal Bureau of Investigation on Dec. 9, 2010. After an investigation, DuPont executives concluded they were the target of a campaign of industrial spying, according to the e-mail.

"They believe their bad guys are the Chinese who want to catch up and leapfrog them in the global marketplace," Slapnik wrote.

The U.S. State Department and intelligence agencies believe Aurora was sanctioned by the Chinese government, according to diplomatic cables released by WikiLeaks. However, various Chinese officials have steadfastly denied any links. Wang Baodong, a spokesman for China's embassy in Washington, D.C., said China is a victim of hacking attacks and "the wrong target of unwarranted blame."

Bloomberg News also examined other e-mail from major companies such as Walt Disney, Sony, Johnson & Johnson and General Electric, which had been compromised as part of a wide-scale attack, although it wasn't clear whether HBGary considered those attacks part of Operation Aurora. E-mail mentioning Sony, Johnson & Johnson and General Electric focused on the hackers' techniques and less on what was taken or how deeply the attackers penetrated, according to the article.

There were over 60,000 e-mail messages between HBGary and affected companies discussing the network breaches, and each company decided not to disclose the breaches publicly to regulators and investors.

Executives of attacked companies feared the intrusions would spark questions from investors and regulators about what was stolen, according to the e-mail. U.S. securities laws require companies to report events considered "material" to investors. The e-mail messages do not appear to mention what attackers managed to take.

Many of the affected companies hired HBGary, a security forensics firm with a large number of both government and private-sector customers, to investigate network breaches.